FBPwn – Facebook social engineering framework

Today we share all our sensitive information on social networking websites such as Facebook, Twitter and more. I have just used a very nice tool that you can use in your lab as a PoC of how, in a few minutes, profiles and pages can be downloaded locally with all their pictures.

Sometimes we receive invitations from untrusted sources on Facebook and wonder whether to add the person or not. In these cases I send a message to verify the user. Some users set their profile picture to an image of a mountain, a jungle or a beautiful beach, and I try to remember them because this could be a friend I studied with at school, or we may know each other from some other place.

The tool that you can use is FBPwn. It tries several attacks on Facebook directly from a user account, and it does the following:

Dump friend list

Add all of the victim's friends

Dump all of the users' album pictures

Dump profile information

Dump photos (this means profile pictures)

Check friend requests

Dump the victim's wall (including pokes)

Clone the profiles

All information is stored locally, so even if the victim removes the attacker from their friends list it will be too late, as the profile is already owned. I would recommend this tool as awareness material for your friends and at the corporate level to understand the risks of sharing information online.